CVE-2014-0249: The System Security Services Daemon (SSSD) 1.11.6 does not properly identify group membership when a non-POSIX group is in a group membership chain, which allows local users to bypass access restrictions via unspecified vectors.

CVE-2015-5292: Memory leak in the Privilege Attribute Certificate (PAC) responder plugin (sssd_pac_plugin.so) in System Security Services Daemon (SSSD) 1.10 before 1.13.1 allows remote authenticated users to cause a denial of service (memory consumption) via a large number of logins that trigger parsing of PAC blobs during Kerberos authentication.

Please fix it.

Created: 2015-10-05
Last update: 2017-08-18 01:26

Standards version of the package is outdated.

wishlist

The package should be updated to follow the latest version of Debian Policy (Standards-Version 4.0.1 instead of 4.0.0).